The Director of Information Security is responsible for leading the delivery of Lightspeed's Information Security Strategy and global annual information security programs. You will maintain a highly secured environment which is resilient against malicious threats and adheres to legal and regulatory compliance.
In this role you will provide support to deliver the Information Security program by leading and empowering a team of information security subject matter experts, and in collaboration with the various Lightspeed business functions. You will oversee and report on establishing and maintaining compliance with the Information Security requirements to meet Lightspeed business objectives.
You have proven experience in managing a team of security professionals delivering programs in a fast-growing, demanding but exciting environment. You have excellent soft skills, are process oriented and have many years of security technology experience.
Now we get to brag about us: Lightspeed powers small and medium-sized businesses in over 100 countries around the world with its cloud-based commerce platform. Its smart, scalable, and dependable all-in-one Point of Sale software system helps restaurants and retailers sell across channels, manage operations, engage with consumers, accept payments, and grow their business. Founded in 2005 with offices in Canada, USA, Europe and Australia, Lightspeed recently completed its initial public offering on the Toronto Stock Exchange (TSX: LSPD). We're passionate about enabling people to do their best work. Come work with us and find out what you can do.
Don’t mistake us for a typical corporation. We are not looking for just a team member, we’re searching for someone to enrich our family. We will encourage you to bring ideas and will give you creative freedom.
What will you do?
- Oversee the development, implementation, and maintenance of information security policies, procedures, and standards across the company.
- Oversee the continuous enhancement of the security of Lightspeed's products and services.
- Oversee Lightspeed's certifications/assurance programs, including PCI-DSS, SSAE 16, SOX, and ISO 27001.
- Oversee and support information security providers/vendors management.
- Develop and maintain effective relationships at all levels to communicate the information security programs and integrate effective security within business and change management processes.
- Oversee and support the effective delivery of Information Security processes, like Security Incident Management, Information Security Risk Management, Vulnerability Management, Secure Development process, Security by Design process, etc.
- Support Information Security reporting through the Information Security Key Performance and Key Risk indicators and overall Program updates.
- Assure delivery of the Information Security Risk Remediation plans driven by Internal/External Information Security related audits/incidents/assessments.
- Support the Global Information Security awareness training and education programs.
- Oversee the Global development, training and professional education of staff within Information Security and technology-oriented teams.
- Support the Business Continuity Plan for the Information Security related teams and processes.
- Establish a culture and work environment that attracts, retains and motivates a diverse, skilled workforce in order to maintain a high degree of employee professionalism, commitment and desire to maintain updated skills and knowledge in support of a high-performance culture.
- Provide leadership and direction by setting the context, defining accountabilities, tasks, and assignments and establishing boundaries for decision-making and approvals.
- Coach, motivate, develop, and evaluate the performance of direct reports and provide guidance and mentoring in the resolution of complex issues.
- Provide development opportunities to direct reports, including the identification of training needs, creation and implementation of appropriate development plans, monitoring, documenting and providing regular feedback on performance.
- Provide managerial direction, guidance, context setting and translate the strategic picture for direct reports.
- Ensure necessary succession plans are in place for all key positions. Identify and grow top talent and actively implement solutions to resolve single points of knowledge.
- Other duties as they arise and pertain to the role.
Who are you?
- Educated in Information Systems (IS) or a related field
- 8-10 years of relevant security experience and at least 6 years of team management experience
- Certification such as CISSP, CISA, CISM, CBCP or similar is a strong plus
- Well versed in Internet technologies, IT infrastructure, systems, and development environments
- Very comfortable with information security governance frameworks and methodologies (e.g. ISO 17799/27001, COBIT)
- Well aware of common security compliance frameworks, controls and best practices (NIST, SANS, PCI, HIPAA)
What skills and experience do you need?
- Understanding of the risks & implications of Cloud Services in organizations
- Technical knowledge and understanding of security engineering and development, threat modeling, attack methods and exploitation of vulnerabilities
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences
- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment
- Experience of working in a global and international digitally-led environment which places significant importance on cybersecurity
- The ability to balance strategic and operational demands; thinking about new initiatives, whilst being hands-on and detail-oriented
- Excellent analytical skills and the ability to manage multiple projects under a strict timeline
- Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals
- Natural gravitas and impact with the ability to influence, engage and motivate both at an executive level and at all levels of the organization
- Proactive and forward-looking with a ‘can do’ attitude, able to anticipate future demands in order to ensure the business is prepared to appropriately respond; willingness to go beyond the call of duty to get the job done
- Business continuity management knowledge and experience
And what about the work environment?
In addition to the perks you see on the Careers page, you’ll get access to:
- A beautifully renovated office space in a castle; one of the best development centres in Montreal;
- An environment that encourages initiatives and leadership;
- Happy hour every Friday afternoon;
- Birthday treats every month to celebrate our employees;
- Social events throughout the year including the legendary annual holiday party;
- Fun activities with your teammates - be part of the Lightspeed family;
- Work with highly talented people who are as passionate about their craft as you are!